| title | sp_revokelogin (Transact-SQL) | ||
|---|---|---|---|
| description | sp_revokelogin Removes the login entries from SQL Server for a Windows user or group. | ||
| author | VanMSFT | ||
| ms.author | vanto | ||
| ms.reviewer | randolphwest | ||
| ms.date | 06/23/2025 | ||
| ms.service | sql | ||
| ms.subservice | system-objects | ||
| ms.topic | reference | ||
| f1_keywords |
|
||
| helpviewer_keywords |
|
||
| dev_langs |
|
[!INCLUDE SQL Server]
Removes the login entries from [!INCLUDE ssNoVersion] for a Windows user or group created by using CREATE LOGIN, sp_grantlogin, or sp_denylogin.
Important
[!INCLUDE ssNoteDepFutureAvoid] Use DROP LOGIN instead.
:::image type="icon" source="../../includes/media/topic-link-icon.svg" border="false"::: Transact-SQL syntax conventions
sp_revokelogin [ @loginame = ] N'loginame'
[ ; ]
The name of the Windows user or group. @loginame is sysname, with no default. @loginame can be any existing Windows user name or group in the form <ComputerName>\<User> or <Domain>\<User>.
0 (success) or 1 (failure).
sp_revokelogin disables connections using the account specified by @loginame. Windows users that are granted access to an instance of [!INCLUDE ssNoVersion] through membership in a Windows group, can still connect as the group after their individual access has been revoked. Similarly, if @loginame specifies the name of a Windows group, members of that group that have been separately granted access to the instance of [!INCLUDE ssNoVersion] can still connect.
For example, if Windows user ADVWORKS\john is a member of the Windows group ADVWORKS\Admins, and sp_revokelogin revokes the access of ADVWORKS\john:
EXECUTE sp_revokelogin [ADVWORKS\john];User ADVWORKS\john can still connect if ADVWORKS\Admins is granted access to an instance of [!INCLUDE ssNoVersion]. Similarly, if Windows group ADVWORKS\Admins has its access revoked but ADVWORKS\john is granted access, ADVWORKS\john can still connect.
Use sp_denylogin to explicitly prevent users from connecting to an instance of [!INCLUDE ssNoVersion], regardless of their Windows group memberships.
sp_revokelogin can't be executed within a user-defined transaction.
Requires ALTER ANY LOGIN permission on the server.
The following example removes the login entries for the Windows user Corporate\MollyA.
EXECUTE sp_revokelogin 'Corporate\MollyA';Or
EXECUTE sp_revokelogin [Corporate\MollyA];